Fergie's Tech Blog

Saturday, September 27, 2008

So, Where Are Esthosts/Estdomains Now?

Let's take a look-see at where Intercage/Atrivo's most infamous client, esthosts/estdomains, are situated - using Domaintools, cidr-report.org and bfk-de, and a smattering of Sam Spade 1.14. I'm not using Robtex that much because I get the sense that, sometimes, its data is behind the times and it should be noted that by the time this article goes live, things may have changed again. I think the hardest part of writing about this stuff is not doing the research per se, but rather, trying to distill the information down into a format that is half-way possible to understand.

In summary, what do we see? Well, it looks like Esthosts/Estdomains have come to rest in Russia and Amsterdam. I also note that their infamous ex-host Intercage (who are, apparently, still off the air) continue to have some involvement with Esthost/Estdomains via protectdetails.com (protectdetails.com is the WHOIS privacy service Estdomains created to replace Directi's PrivacyProtect service) and Cernel. I was also interested to note that Domaintools reports that the SSL Certificate for protectdetails.com and cernel.org are both "billing.esthost.com"...

Chinese Astronauts Complete First Spacewalk

A Chinese astronaut has completed his nation's first ever foray into space beyond the confines of a spacecraft.

Zhai Zhigang, the lead Chinese astronaut, or taikonaut, of the Shenzhou 7 mission, spent about 20 minutes floating outside his vehicle. During the spacewalk, which began at about 4:40 a.m. ET (0840 GMT) and ended at 4:58 (0858 GMT), he retrieved a small sample of solid lubricant from the outside of the spacecraft that had been placed there before launch. The excursion was broadcast live.

Zhai, along with crewmates Liu Boming and Jing Haipeng, launched into space Thursday aboard a Long March 2F rocket from Jiuquan Satellite Launch Center in China's Gansu province. The mission is China's third manned spaceflight.

The 10 Most Mysterious Cyber Crimes

The most nefarious and crafty criminals are the ones who operate completely under the radar. In the computing world security breaches happen all the time, and in the best cases the offenders get tracked down by the FBI or some other law enforcement agency.

But it's the ones who go uncaught and unidentified (those who we didn't highlight in our Cyber Crime Hall Fame that are actually the best. Attempting to cover your tracks is Law-Breaking 101; being able to effectively do so, that's another story altogether.

When a major cyber crime remains unsolved, though, it probably also means that those of us outside the world of tech crime solving may never even know the crime occurred.

These are some of the top headline-worthy highlights in the world of unsolved computing crime—cases in which the only information available is the ruin left in their wake.

In 2007, the misuse of lost and stolen identity information cost $45 billion, an average of $5,574 per incident, according to Javelin Strategy's 2008 Identity Fraud Survey Report.

There's reason for both consumers and companies to be concerned.

Consumers bore only an average of $691 of that cost, and more than half paid nothing, said Mary Monahan, the Javelin Strategy analyst who wrote the report. However, unlike burglary or robbery, it's not clear to most people how their identities are stolen -- and some don't even know the crime took place.

"Unfortunately, victims rarely know who it is or how it is that their identity is compromised," said Jay Foley, executive director of the Identity Theft Resource Center.

Domain Name Registrars Required to Help Fight Child Porn

Domain name registrars are being brought into the fight against child pornography in the United States, with registrars being included among those required to report child pornography. Failure to do so will be a federal crime.

The bill is one of several in legislation that was passed 418-8 on Friday, that included a proposal by Sen. Charles Schumer that will "require more electronic service providers to report online child pornography and make failure to report known child pornography a federal crime," reports AP.

"Currently, Internet service providers are required to report child pornography to the National Center for Missing and Exploited Children. The legislation would expand those companies with reporting obligations to include search engines such as Google and Yahoo!, social networking sites such as Facebook and MySpace, domain name registrars and wireless phone carriers.

"These companies would not be required to monitor Web sites, but the legislation would triple fines for knowing failure to report child pornography."

Friday, September 26, 2008

Microsoft, Washington State to Sue 'Scareware' Pushers

Microsoft and Washington state are cracking down on scammers who bombard computer users with fake warning messages in hopes of selling them useless software.

On Monday the state's attorney general and lawyers from Microsoft's Internet Safety Enforcement team will announce several lawsuits against so-called "scareware" vendors, who are being charged under Washington state's Computer Spyware Act.

The vendors targeted by the lawsuits are not being named until Monday, but the Washington attorney general (AG) referred to them in a media alert sent out Friday as "aggressive marketers of scareware -- useless computer programs that bilk consumers by using pop-up ads to warn about nonexistent, yet urgent-sounding, computer flaws."

Frank Abagnale on Identity Theft: Technology Breeds Crime

In a keynote speech given yesterday at the Government Technology Conference East, Frank Abagnale poignantly addressed many of the security issues that government, businesses and the individual are faced with today. Abagnale -- whose life was the subject of the movie "Catch Me if You Can" -- spent the early part of his life living on fake identities and stolen cash. Now, however, Abagnale now lectures on the potential risks involved in everyday transactions. Writing a check, using a debit card, making purchases online or even withdrawing cash from an ATM are all actions that can put the individual at risk. And while the times have changed and technology has advanced, Abagnale claims that much has remained the same in the world of identity theft and fraud.

Because of public access laws and the necessity of open information, gathering basic data on a given person -- living or dead, young or old, rich or poor - -- is, as he puts it, easy as counting to one, two, three. "If you make it easy for people to steal from you, it is unfortunate, but people will," said Abagnale.

Since April of 2007, there have been 15 million victims of identity theft. That's one victim every four seconds. According to Abagnale, identity theft "is a crime limited only by the criminal's imagination." A new type of identity theft has presented itself as recently as 2008. It's called "Synthetic Identity Theft." By using this type of theft, criminals can remain virtually undetected until it is far too late to catch them. The method used is as follows: A criminal obtains an individual's personal data -- name, date of birth, Social Security number, etc. -- and proceeds to open a credit card.

But the criminal will purposefully change just one letter of the name or one digit of the Social Security number, knowing the credit bureaus have a "tolerance" feature built into their system which allows for human error when filling out applications. The credit card will be issued in the original individual's name, but under a secondary file. The criminal then has time to open more credit cards, build up credit, apply for a loan, default on the loan, and the individual is left to repair the damages.

Thursday, September 25, 2008

Yes, Atrivo/Intercage is Offline Again...

Romania to Establish CSIRT Security Team

RoEduNet, the Romanian national research and education networking organisation (NREN), is to establish a computer security incident response team (CSIRT). This decision follows a visit by a delegation from TERENA and SWITCH, the Swiss NREN, on 11-12 August 2008.

The meeting was undertaken on behalf of the GN2 project's development support activity (NA4) and security activity (JRA2), which encourages all NRENs connected to the GÉANT2 network to establish a CSIRT. This ensures that designated contacts are available to handle any security incidents that arise within those constituencies, particularly where the incidents have international scope. The establishment of a Romanian team means that most countries connected to the GÉANT2 network will now have incident handling procedures.

RoEduNet has put in place an implementation plan to become a recognised CSIRT, with the goal of becoming fully-accredited with FIRST (the global forum of security teams) and the European Trusted Introducer service, which is currently operated under contract to TERENA.

UnitedLayer COO: Giving Access to InterCage is an Issue of Ethics

Richard Donaldson, COO of co-location provider UnitedLayer, knows that his new client InterCage is unpopular. It's just that he's not sure that hosting botnets, malware, and spam services deserves a lifetime of incarceration.

Because that is, Donaldson says, effectively what it means to cut off InterCage (a.k.a., Atriva) from the net community in this day and age.

"Data centers are becoming the information plants for the information age," said Donaldson, whose firm re-admitted Emil Kacperski's notorious service to the land of the net-living after what the COO termed "challenging and lively discussion," not to mention the actual pulling of plugs on InterCage's stinkiest servers.

But ethically, he doesn't believe that InterCage's past offenses -- which include serving as a major source of botnets, malware, spam and other net-junk -- merit the ultimate punishment, though he points out that InterCage may have already self-administered its own doom, since it "may not be in business much longer" with its net reputation in tatters.

There's no Internet body that enforces penalties for suspected evildoers; neither blacklists nor blocks have the force of law, and the law itself is an international patchwork on the subject. But when company after company dropped relations with InterCage in the wake of multiple reports documenting its shady dealings, suddenly UnitedLayer (which previously had a co-location agreement with the troubled firm, and prides itself on its "technocratic oath" to Do No Technical Harm) was the last firm willing to work with it. That essentially gave Donaldson's people the power to send InterCage dark or, as he chose to do, stick InterCage in a sandbox and watch it like a liability lawyer watches a hyperactive two-year-old.

Image of The Day: Putin Rears His Head... Over Alaska

Why SCADA Security Must Be Addressed

Industrial control systems, including SCADA (supervisory control and data acquisition) have come under the security spotlight in recent years following a sprinkling of incidents - most notably the Slammer worm infestation at Ohio's Davis-Besse nuclear power plant in 2003, and post-9-11 attention to terrorist threats.

But SCADA security is a tough nut to crack, buried beneath a complex mix of technology, attitude and a particularly intractable set of network characteristics. Still, industry experts see the risk to SCADA systems growing in the not-too-distant future. Not only are there very real dangers, but regulatory agencies are beginning to take notice and impose requirements.

Matthew Luallen, owner of Encari, a Chicago-based information security consultancy, points out that the electric utility industry is already under a three-year program to improve security. The sanctions for noncompliance, he says, can run up to $1 million a day.

Fundamentally, the control world has changed, particularly at the high end with methods like SCADA. There are more open systems, wireless technologies are becoming popular and there's increased connectivity, both internally and externally. There are more outsourced services and strategic alliances among vendors, which encourages openness and interoperability. Plant environments have become complex with multiple vendors' equipment, proprietary systems and mission-critical applications all tied together in complex networks; all must function in a time-constrained fashion.

As one of the nation's premier national security labs and one of three nuclear weapons facilities - and after a series of high-profile security flubs -- one would think they'd go out of their way to get the facility's security act together. Apparently not.

Watchdogs at the Government Accountability Office said today that while the Los Alamos National Lab has indeed bolstered some of its cyber protection, weaknesses remain in protecting the confidentiality, integrity, and availability of information on its unclassified network, among other deficiencies. LANL's unclassified network contains sensitive information, such as unclassified controlled nuclear information, export control information, and personally identifiable information about laboratory employees.

SCADA Watch: How Safe is Our Nuclear Cyber Network?

There are very few details or specifics, which is at it should be in an UNCLASS report, however what’s really disturbing is the sluggish pace at which the National Nuclear Security Agency (NNSA) is complying with cyber security standards.

SCADA Watch: World's Electrical Grids Open to Attack

A serious vulnerability has been found in yet another computerized control system that runs some of the world's most critical infrastructure, this time in a product sold by a vendor known as the ABB Group.

According to researchers from C4 - a firm specializing in the security of so-called SCADA, or Supervisory Control And Data Acquisition, systems - ABB's Process Communication Unit (PCU) 400 suffers from a critical buffer overflow bug.

"The vulnerability was exploited by C4 to verify it can be used for arbitrary code execution by an unauthorized attacker," researcher Idan Ofrat wrote in this advisory published on Thursday. "In addition, an attacker can use his control over the FEP server to insert a generic electric grid malware...in order to cause harm to the grid."

New Lobbying Group Calls for Internet Filtering

A just-formed lobbying group of content producers, equipment makers and internet gatekeepers said Thursday that internet service providers should embrace filtering.

Behind the lobby are AT&T, Cisco Systems, Microsoft, NBC Universal, Viacom and the Songwriters Guild of America. Among other things, the lobby, called Arts+Labs, says "network operators must have the flexibility to manage and expand their networks to defend against net pollution and illegal file-trafficking which threatens to congest and delay the network for all consumers."

The creation of the lobbying group came almost two months after the Federal Communications Commission issued an open invitation to ISPs to filter for unauthorized copyright material. The Aug. 1 invite was buried in the text of the FCC's stinging rebuke of Comcast for throttling BitTorrent and other peer-to-peer traffic.

AT&T and NBC have already made it clear they support blocking streams of unauthorized works, for obvious reasons. NBC and the songwriters want to get paid for their works. and AT&T supports filtering because it could reduce high-volume, peer-to-peer traffic.

Wednesday, September 24, 2008

Mark Fiore: Drill, Baby, Drill!

FBI Investigates Break-In at ID Card Contractor

An AP newswire article by John Christoffersen, via The Boston Globe, reports that:

Two laptop computers and other equipment were taken from a federal center in New Haven that processes applications for a program that provides identification cards to workers with access to seaports, federal officials said Wednesday.

Authorities say the computers, a camera and biometrics collection equipment were taken from the Grand Avenue site over the weekend.

The FBI is assessing whether there was a threat to national security, said spokesman Edward Garlick.

Christopher White, a spokesman for the Transportation Security Administration, said the stolen laptops do not pose a security risk. He says data is wiped clean daily and is encrypted, so it's not accessible to thieves.

Lockheed Martin, the contractor at the center, collects the data and submits it to TSA for background checks to make sure applicants do not pose a threat.

Judge Declares Mistrial in Jammie Thomas Trial

A federal judge on Wednesday set aside the nation's first and only federal jury verdict against a peer-to-peer file sharer for distributing copyrighted music on a peer-to-peer network without the labels' authorization.

U.S. District Judge Michael Davis of Duluth, Minnesota, declared a mistrial in the case of Jammie Thomas, a Minnesota mother of three dinged $222,000 by a federal jury last year for copyright infringement -- $9,250 for each of the 24 infringing music tracks she made publicly available on the Kazaa file sharing network.

Davis' decision means the Recording Industry Association of America's five-year copyright infringement litigation campaign has never been successful at trial.

Most of the 30,000 cases have settled out of court for a few thousand dollars and have never broached the hot-button legal issue that prompted Davis to declare a mistrial.

State AGs Push Online Child Safety Snake Oil

Attorneys general from a number of states have given their support to a collection of weak and ineffective age verification technologies, all of which aim to protect children on the Internet. At a meeting of the Internet Safety Technical Task Force at Harvard University on Tuesday, the consensus seemed to be that while none of the technologies actually work, doing anything at all was better than nothing. Simply put, no one wants to be blamed for inaction against online child predators.

Kicking off the meeting, Richard Blumenthal, the Connecticut attorney general, summed up the general expectation of the other 48 state attorneys general involved in the effort: "If we can put a man on the moon, we can make the Internet safe (for children)." Unfortunately, while the federal government sunk billions of R&D dollars into NASA's space efforts, the AGs have yet to cough up any research funds, and seem to expect industry to come up with their own solutions.

Voter Registration Fraud Could Lead to Identity Theft

The presidential election is nearly upon us, and with interest in the race peaking, both political parties will be pushing for maximum voter registration in the coming weeks. While many Americans are showing their civic pride and engaging in the political process, scammers and ID thieves see an opportunity to ply their trade. Your Better Business Bureau is warning Americans to be extremely cautious with their personal information this election season to avoid phony voter registration drives that are designed to steal their identities.

The New York Times puts the potential number of new voters in the millions and, according to the Pew Research Center, if the current level of voter engagement continues up to the election, the nation could experience historically high voter turnout this November. Unfortunately, a projected increase in voter turnout also means there will be a lot of people registering who are unfamiliar with the process, and who may be easy prey for ID thieves.

While pundits are concerned about voter fraud and its potential to skew election results, ID thieves are taking voter fraud in a different direction by trying to get their hands on new voters' personal information, such as Social Security or bank account numbers. Voter registration laws vary by state and changes take place regularly, which creates the confusing environment that ID thieves thrive on.

ID theft under the guise of voter registration can be perpetrated through e-mail, on the phone, and even in person.

Identity Thieves Stealing Children's Identities at Alarming Rate

Among the people Linda Foley is currently working to help are a 3-year-old whose Social Security number is being used by someone for work purposes. And there's a 5-year-old whose identity is linked to driver's licenses, arrest warrants for drunken driving, and a warrant for unpaid child support.

These stories may sound unusual, but Foley has heard of many such situations since she started the San Diego-based Identity Theft Resource Center in 1999, and she's convinced that the poaching of children's identities is more common than anyone knows.

Because identity theft is typically associated with financial matters like the misuse of credit cards, most people don't consider the possibility that their child's personal information could be stolen and misused. But more than 34,000 identity theft reports to the Federal Trade Commission from 2005 to 2007 concerned children under age 18.

FBI's Chief Information Officer Resigns

The FBI's chief information officer announced his resignation Wednesday, nearly five years after inheriting an information technology program fraught with disaster and dramatically turning it around.

"In 2004, everyone was asking when the FBI would join the 21st century," said CIO Zalmai Azmi. "Today I can tell you that we are in the 21st century and continue to move forward."

When Azmi joined the FBI as the acting CIO, the bureau was scheduled to roll out Virtual Case File, a software program meant to replace its archaic, paper-based criminal tracking system. Instead, the system was scrapped--and Azmi got to break the news to FBI Director Robert Mueller that the $170 million system, designed by Science Applications International, was unsalvageable.

Officially named the CIO in 2004, Azmi has since been working to build the bureau's IT branch and build confidence both within the agency and on Capitol Hill, where he meets with lawmakers twice a week.

New FISMA Bill Gets Committee OK

The Senate Homeland Security and Government Affairs Committee yesterday approved a Senate bill that would update the Federal Information Security Management Act.

S. 3474 [.pdf], The FISMA Act of 2008, was introduced Sept. 11 by Sen. Tom Carper (D-Del.) to address concerns that FISMA compliance had become a paperwork drill without ensuring improved IT security. The bill would require annual security audits by agencies and would give chief information security officers broader authority to enforce FISMA requirements.

FISMA is the primary law governing federal IT security, requiring risk-based security controls for non-national-security information systems and the certification and accreditation of systems. Carper’s bill would focus on ensuring that controls provide adequate security, replacing current FISMA evaluations with formal annual audits and requiring the appointment of chief information security officers in each civilian agency with authority to enforce FISMA compliance. The bill also would establish a CISO Council directed by the National Cyber Security Center and require the Homeland Security Department to conduct regular red team penetration tests against networks.

Adequate IT security also would be required on all contractor networks, and the Office of Management and Budget would establish contract language on IT security reflecting these requirements.

Tuesday, September 23, 2008

Toon of The Day [2]: Under The Bus

RCMP, Counter-Espionage Agency Probing Fake Harper e-Mails

The RCMP and Canada's electronic counter-espionage agency have been called in to investigate after someone sent out two fake e-mails under the name of Stephen Harper to subscribers of the prime minister's website mailing list.

The notes were sent over the weekend to an e-mail address that automatically distributes messages to people who have signed on to the Prime Minister's Office mailing list.

One of the messages, entitled "Why you shouldn't fear me," begins with the greeting "Hi The Average Canadian, Stephen Harper wanted to tell you…"

The e-mail then claims Harper's goal is "to make Canada America's 51st state and destroy health care that all Canadians cherish by infusing my propaganda with hard-core ad hominem attacks [attacks on someone's character]."

"Please vote for me, because if you do, I promise you'll be able to vote for McCain 2012!" the message reads.

Two Arrested in First Bust for ATM Reprogramming Scam

It took a high-speed chase and some gunplay, but two men in Lincoln, Nebraska, are the first to face felony charges for using default passcodes to reprogram retail cash machines to dispense free money.

Jordan Eske and Nicolas Foster, both 21, are in Lancaster County Jail pending an October 1st arraignment. They're each charged with four counts of theft by deception, and one count of computer fraud, for allegedly pulling cash from privately owned ATMs at four stores in the area. The pair allegedly reprogrammed the machines to believe they were loaded with one-dollar bills instead of tens and twenties. A withdrawal of $20 would thus net $380.

Cash machine reprogramming scams first became public in 2006 when a cyber thief strolled into a gas station in Virginia Beach, Virginia, and, with no special equipment, persuaded the Tranax ATM that it had $5.00 bills in its dispensing tray, instead of $20.00 bills. Threat Level later confirmed that default administrative passcodes for ATMs manufactured by industry leaders Tranax and Triton were printed in owner's manuals easily found online. Both companies said they were surprised by the scam, but an industry association of which they are members privately spotted the capers and warned members over a year earlier.

Estonia Catches Its First Spy

Estonian police have arrested high-ranking member of the Defense Ministry Herman Simm on accusations of espionage. His wife Heete Simm, a police lawyer, faces similarly charges. Estonian authorities have not named the country the couple were providing information to, but Estonian media and local experts claim it was Russia. Herman Simm, 61, was responsible for military secrets. In spite of several earlier claims by the government of Russian espionage operations in the country, this is the first spy case in the modern history of the country in which an actual agent has been identified.

The Simms were arrested on Sunday after the state prosecutor petitioned the court. The investigation is being carried out by the Estonian state prosecutor, security police, information department (foreign intelligence service) and Defense Ministry.

Defense Tech: Iranian Cyber Warfare Threat Assessment

The Iranian military consists of the Army, Air Force, Navy, and a Revolutionary Guard force. Iran's total active duty armed forces numbers 513,000, while reserves add another 350,000. The army is divided into 3 army headquarters with 4 armored divisions and 7 infantry divisions, 1 airborne brigade, 1 Special Forces division and now 1 cyber division.

Their budget equates to between $95 and $100 per capita. This figure is lower than other Persian Gulf nations, and lower as a percentage of gross national product than all other Gulf States except the United Arab Emirates.

Monday, September 22, 2008

Quote of The Day: Matt Volz

"Less than a week after balking at the Alaska Legislature's investigation into her alleged abuse of power, Gov. Sarah Palin on Monday indicated she will cooperate with a separate probe run by people she can fire."

The Onion: Gov. Palin's e-Mail Hacked

Expanded Powers to Search Travelers at Border Detailed

The U.S. government has quietly recast policies that affect the way information is gathered from U.S. citizens and others crossing the border and what is done with it, including relaxing a two-decade-old policy that placed a high bar on federal agents copying travelers' personal material, according to newly released documents.

The policy changes, privacy advocates say, also raise concerns about the guidelines under which border officers may share data copied from laptop computers and cellphones with other agencies and the types of questions they are allowed to ask American citizens.

In July, the Department of Homeland Security disclosed policies that showed that federal agents may copy books, documents, and the data on laptops and other electronic devices without suspecting a traveler of wrongdoing. But what DHS did not disclose was that since 1986 and until last year, the government generally required a higher standard: Federal agents needed probable cause that a law was being broken before they could copy material a traveler was bringing into the country.

The changes are part of a broader trend across the government to harness technology in the fight against terrorism. But they are taking place largely without public input or review, critics said, raising concerns that federal border agents are acting without proper guidelines or oversight and that policies are being adopted that do not adequately protect travelers' civil liberties when they are being questioned or their belongings searched.

The Future of Homeland Security

The future of homeland security – the concept rather than the huge government agency – was on the mind of DHS Secretary Michael Chertoff when he spoke recently at the Brookings Institution, the well-known Washington think tank. And while it was billed as one of a series of speeches marking DHS’s fifth anniversary, focusing on the vulnerabilities of the nation’s critical infrastructure, it had the feeling both of a valedictory and a defense of the Bush Administration’s free market oriented guiding philosophy.

Chertoff characterized "two very different views" of how to protect crucial national infrastructure. One he called the "government-centric model…Under this view, homeland security is essentially a government function in all respects."

Not surprisingly, Chertoff rejected this approach, saying the "approach we take is not this 20th century command-and-control approach. It’s rather a 21st century partnership approach." That view "involves business input into how to design a system to reduce vulnerability, and…relies upon business to do a great deal of the security checking itself."

According to Chertoff, the partnership model "also acknowledges the reality that it’s simply impossible -- and impossibly expensive -- for the government to handle 100 percent of Homeland Security preparedness, prevention, response, and recovery responsibilities in the 21st century."